Credit card cloning, or “skimming”, is a technique whereby a malicious actor copies credit card information from a credit card associated with an account onto a counterfeit card. Cloning is typically performed by sliding the credit card through a skimmer to extract (“skim”) the credit card information from the magnetic strip of the card and storing the information onto the counterfeit card. The counterfeit card may then be used to incur charges to the account.
EMV (originally Europay, Mastercard, Visa) defines a standard for use of smart payment cards as well as terminals and automated teller machines that accept them.
EMV cards are smart cards (i.e., chip cards or IC (integrated circuit) cards) that include integrated circuits configured to store card information in addition to magnetic stripe information (for backward compatibility). EMV cards include both cards that are physically inserted (or “dipped”) into a reader, as well as contactless cards that may be read over a short distance using near-field communication (NFC) technology.
Some EMV cards use Chip and PIN (personal identification number) technology to overcome the problems associated with cloning. For example, to authorize a transaction a user may enter a personal identification number (PIN) at a transaction terminal following a card swipe. A stored PIN, retrieved from the card by the transaction terminal, may be compared against the PIN input and the transaction may be approved only in the event of a match between the two. Such a solution may reduce fraudulent activity, but remains vulnerable to PIN theft caused by eavesdropping, man-in-the-middle or other type of attack.